CVE-2013-6075
strongswan - Denial of service and authorization bypass
EPSS 0.23%
Description
The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an "insufficient length check" during identity comparison.
How to fix CVE-2013-6075
To remediate CVE-2013-6075, upgrade the affected package to a fixed version below.
- Debian/strongswan—upgrade to 5.1.0-3 or later
- —upgrade to 4.4.1-5.4 or later
Is CVE-2013-6075 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 5.1.0-3
- from 0, < 4.4.1-5.4